cookie与session
目录
cookie与session简介
cookie
服务端让客户端保存的数据(存储在客户端上与用户信息相关的数据)
session
服务端保存的跟用户信息相关的数据
注意:1.session的工作必须依赖于cookie
2.客户端也有权拒绝保存数据
django操作cookie与session
普通登陆
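# Basic usage
# Cookies are written on the outgoing response and read from the incoming
# request; the request attribute is the plural ``COOKIES``.
res.set_cookie()  # set a cookie on the response object
request.COOKIES.get()  # read a cookie sent back by the client
# NOTE(review): a value written with set_cookie() is stored and editable on the
# client, so the server must not treat it as proof of anything by itself.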
# 有很多视图函数需要添加或取消登录认证
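def login(request):
    """Render the login form on GET; check the submitted credentials on POST.

    On success the browser is redirected to ``/home/`` and receives a ``name``
    cookie holding the username. On failure a short HTML message is returned.
    """
    if request.method != 'POST':
        return render(request, 'login.html')

    username = request.POST.get('username')
    password = request.POST.get('password')
    # One lookup is enough; the same query used to be executed twice.
    user_obj = models.User.objects.filter(name=username).first()
    if not user_obj:
        # NOTE(review): answering "no such user" differently from "wrong password"
        # tells an anonymous caller which usernames exist.
        return HttpResponse('<br><br><br><h2 style="text-align:center">用户不存在</h2>')
    # NOTE(review): this equality test only succeeds when User.password stores the
    # password itself. Store a hash instead (django.contrib.auth.hashers
    # make_password / check_password, or the built-in auth app).
    if password != user_obj.password:
        return HttpResponse('<br><br><br><h2 style="text-align:center">密码错误</h2>')

    res = redirect('/home/')
    # NOTE(review): this cookie is plain text chosen by the server but editable by
    # the client; anything that trusts it can be satisfied with a hand-made
    # cookie. Prefer request.session or a signed cookie for login state.
    # httponly keeps page scripts from reading the value.
    res.set_cookie('name', '%s' % username, httponly=True)
    return res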
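def login_auth(func_name):
    """Decorate a view so it only runs when the request carries a ``name`` cookie.

    Requests without that cookie are redirected to ``/login/``.
    """
    from functools import wraps

    @wraps(func_name)  # keep the wrapped view's name and docstring
    def inner(request, *args, **kwargs):
        # NOTE(review): only the presence of a non-empty cookie is checked. The
        # value is unsigned and never looked up, so this gate does not prove the
        # client ever logged in; treat it as a demo, not as access control.
        if not request.COOKIES.get('name'):
            return redirect('/login/')
        return func_name(request, *args, **kwargs)

    return inner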
跳转之前访问的界面
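def login_auth(func_name):
    """Decorate a view so it only runs when the request carries a ``name`` cookie.

    Other requests are redirected to ``/login/`` with the originally requested
    path in the ``next`` query parameter, so the login view can send the user
    back afterwards.
    """
    from functools import wraps
    from urllib.parse import urlencode

    @wraps(func_name)  # keep the wrapped view's name and docstring
    def inner(request, *args, **kwargs):
        # NOTE(review): presence of an unsigned cookie is the only check here.
        if request.COOKIES.get('name'):
            return func_name(request, *args, **kwargs)
        # Percent-encode the path: it may contain its own '?' and '&', which
        # would otherwise be parsed as extra parameters of the login URL.
        query = urlencode({'next': request.get_full_path()}, safe='/')
        return redirect('/login/?' + query)

    return inner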
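def login(request):
    """Render the login form on GET; check credentials on POST and redirect.

    After a successful login the user is sent to the path given in the ``next``
    query parameter when it points at this site, otherwise to ``/home/``. The
    ``name`` cookie is set in both cases.
    """
    try:
        from django.utils.http import url_has_allowed_host_and_scheme as is_safe
    except ImportError:  # Django < 3.0 ships the same check as is_safe_url
        from django.utils.http import is_safe_url as is_safe

    if request.method != 'POST':
        return render(request, 'login.html')

    username = request.POST.get('username')
    password = request.POST.get('password')
    # One lookup is enough; the same query used to be executed twice.
    user_obj = models.User.objects.filter(name=username).first()
    if not user_obj:
        # NOTE(review): distinct replies for unknown user / wrong password let an
        # anonymous caller learn which usernames exist.
        return HttpResponse('<br><br><br><h2 style="text-align:center">用户不存在</h2>')
    # NOTE(review): equality against the stored field implies the password is
    # stored unhashed; use make_password / check_password instead.
    if password != user_obj.password:
        return HttpResponse('<br><br><br><h2 style="text-align:center">密码错误</h2>')

    # `next` comes from the query string, so the client controls it. Only follow
    # it when it stays on this host; otherwise a crafted login link would send
    # the user to an arbitrary external site after they sign in.
    path = request.GET.get('next')
    if not path or not is_safe(path, allowed_hosts={request.get_host()}):
        path = '/home/'

    res = redirect(path)
    # The cookie is now set on every successful login; previously the branch
    # without `next` redirected to /home/ without it, so login_auth bounced the
    # user straight back to the login page.
    # NOTE(review): the cookie is unsigned and client-editable.
    res.set_cookie('name', '%s' % username, httponly=True)
    return res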
django操作cookie补充
加盐处理
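def login(request):
    """Render the login form on GET; check credentials on POST.

    On success the browser is redirected to ``/home/`` and receives a signed
    ``username`` cookie (salt ``'reserve'``).
    """
    if request.method != 'POST':
        return render(request, 'login.html')

    username = request.POST.get('username')
    password = request.POST.get('password')
    user_obj = models.User.objects.filter(username=username).first()
    if not user_obj:
        # NOTE(review): distinct replies for unknown user / wrong password let an
        # anonymous caller learn which usernames exist.
        return HttpResponse('<br><br><br><h3 style="text-align:center">用户不存在</h3>')
    # NOTE(review): equality against the stored field implies the password is
    # stored unhashed; use make_password / check_password instead.
    if password != user_obj.password:
        return HttpResponse('<br><br><br><h3 style="text-align:center">密码错误</h3>')

    res = redirect('/home/')
    # The cookie is signed, not encrypted: the client can still read the
    # username but cannot alter it without invalidating the signature. The salt
    # only namespaces the signature; the secret is settings.SECRET_KEY.
    # httponly keeps page scripts from reading the cookie.
    res.set_signed_cookie('username', '%s' % username, salt='reserve', httponly=True)
    return res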
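def login_auth(func_name):
    """Decorate a view so it only runs for a validly signed ``username`` cookie.

    The cookie must verify with salt ``'reserve'`` and name an existing user.
    Any other request is redirected to ``/login/`` with the requested path in
    the ``next`` query parameter.
    """
    from functools import wraps
    from urllib.parse import urlencode

    @wraps(func_name)  # keep the wrapped view's name and docstring
    def inner(request, *args, **kwargs):
        # default=None makes a missing or tampered cookie come back as None.
        # Without a default, get_signed_cookie raises (KeyError / BadSignature)
        # and an anonymous visitor gets a server error instead of the login page.
        login_user = request.get_signed_cookie('username', default=None, salt='reserve')
        if login_user and models.User.objects.filter(username=login_user).exists():
            return func_name(request, *args, **kwargs)
        # The parameter name was missing here ('/login/?=...'), so the login
        # view could never read it back as `next`. The path is percent-encoded
        # so its own '?' and '&' stay inside the parameter.
        query = urlencode({'next': request.get_full_path()}, safe='/')
        return redirect('/login/?' + query)

    return inner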
超时时间
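def login(request):
    """Render the login form on GET; check credentials on POST and redirect.

    After a successful login the user is sent to the ``next`` path when it
    points at this site, otherwise to ``/home/``, with a signed ``username``
    cookie that the browser keeps for 5 seconds.
    """
    try:
        from django.utils.http import url_has_allowed_host_and_scheme as is_safe
    except ImportError:  # Django < 3.0 ships the same check as is_safe_url
        from django.utils.http import is_safe_url as is_safe

    if request.method != 'POST':
        return render(request, 'login.html')

    username = request.POST.get('username')
    password = request.POST.get('password')
    user_obj = models.User.objects.filter(username=username).first()
    if not user_obj:
        # NOTE(review): distinct replies for unknown user / wrong password let an
        # anonymous caller learn which usernames exist.
        return HttpResponse('<br><br><br><h3 style="text-align:center">用户不存在</h3>')
    # NOTE(review): equality against the stored field implies the password is
    # stored unhashed; use make_password / check_password instead.
    if password != user_obj.password:
        return HttpResponse('<br><br><br><h3 style="text-align:center">密码错误</h3>')

    # `next` is client-controlled; follow it only when it stays on this host so
    # a crafted login link cannot forward the user to an external site.
    path = request.GET.get('next')
    if not path or not is_safe(path, allowed_hosts={request.get_host()}):
        path = '/home/'

    res = redirect(path)
    # max_age on the cookie is enforced by the browser only; the reader has to
    # pass max_age to get_signed_cookie for the server to reject an old value.
    res.set_signed_cookie('username', '%s' % username, salt='reserve', max_age=5,
                          httponly=True)
    return res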
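def login_auth(func_name):
    """Decorate a view so it only runs for a valid, fresh ``username`` cookie.

    The signed cookie must verify with salt ``'reserve'``, be at most 5 seconds
    old and name an existing user. Any other request is redirected to
    ``/login/`` with the requested path in the ``next`` query parameter.
    """
    from functools import wraps
    from urllib.parse import urlencode

    @wraps(func_name)  # keep the wrapped view's name and docstring
    def inner(request, *args, **kwargs):
        # default=None: a missing, tampered or expired cookie yields None rather
        # than an exception (a forged value used to end in a server error).
        # max_age=5 mirrors the lifetime set at login; the browser-side max_age
        # alone does not stop a saved copy of the cookie from being presented
        # later, the timestamp has to be checked here.
        login_user = request.get_signed_cookie(
            'username', default=None, salt='reserve', max_age=5)
        if login_user and models.User.objects.filter(username=login_user).exists():
            return func_name(request, *args, **kwargs)
        # Percent-encode the path so its own '?' and '&' stay inside `next`.
        query = urlencode({'next': request.get_full_path()}, safe='/')
        return redirect('/login/?' + query)

    return inner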
清除cookie
def logout(request):
    """Return a "logged out" page and ask the browser to drop the ``username`` cookie."""
    page = (
        '<br><br><br><h2 style="text-align:center">退出登陆成功</h2>'
        '<br><p style="text-align: center"><a href="/home/">返回主界面</a></p>'
    )
    response = HttpResponse(page)
    # NOTE(review): delete_cookie only instructs this browser to discard the
    # cookie. Nothing is revoked on the server, so a signed value copied
    # elsewhere keeps verifying; server-side sessions (request.session.flush())
    # are the way to get real logout semantics.
    response.delete_cookie('username')
    return response
django操作session
一、设置session内部发生的事情
1.产生一个随机字符串
2.表中存储随机字符串与加密数据的对应关系
3.并将产生的随机字符串也给客户端发送一份并让其保存
二、获取session内部发生的事情
1.自动获取客户端请求中的随机字符串
2.自动去存储session数据的表中比对
3.如果比对成功自动获取并'解密处理'
def set_session(request):
    """Store two demo values in the session and return a confirmation response."""
    demo_values = (('name1', 'linda'), ('name2', 'simon'))
    for key, value in demo_values:
        # Item assignment on request.session is what stores the value.
        request.session[key] = value
    return HttpResponse("set_session操作")
def get_session(request):
    """Read the two demo values back from the session and print them with the session key."""
    session = request.session
    res1, res2 = session.get('name1'), session.get('name2')
    print(res1, res2)
    # NOTE(review): the session key is the bearer credential for this session.
    # Printing it is fine for a local demo, but it should not reach real logs.
    print(session.session_key)
    return HttpResponse('get_session操作')
django操作session补充
request.session.session_key # the random string that identifies this session
request.session.delete() # removes this session's record from the server-side store; the client's cookie is not removed by this call
request.session.flush() # removes the server-side session data and also deletes the client's session cookie (use this on logout)
request.session.set_expiry(value) # set the session's expiry time
(1)如果value是整数,session会在指定秒数后失效。
(2)如果value是datetime或timedelta,session会在这个时间后失效。
(3)如果value是0,关闭浏览器session就会失效。
(4)如果value是None,session依赖全局session失效策略。
针对session数据的存储位置有五种方案
(1)数据库存储
(2)缓存存储
(3)文件存储
(4)缓存+数据库存储
(5)动态加密
CBV添加装饰器
方式一
# 直接在类名上添加并指定
@method_decorator(login_auth, name='get')
class MyLoginView(views.View):
    """Class-based view whose ``get`` handler is wrapped by ``login_auth``.

    The decorator is applied on the class and targeted with ``name='get'``;
    decorating ``get`` directly with ``@method_decorator(login_auth)`` is the
    alternative form.
    """

    def get(self, request):
        body = '<br><br><br><h2 style="text-align:center">from CBV get view</h2>'
        return HttpResponse(body)

    # NOTE(review): only ``get`` is wrapped; ``post`` runs without login_auth.
    def post(self, request):
        body = '<br><br><br><h2 style="text-align:center">from CBV post view</h2>'
        return HttpResponse(body)
方式二
# 直接在类中的某个方法上添加
class MyLoginView(views.View):
    """Class-based view with ``login_auth`` applied directly to the ``get`` handler."""

    @method_decorator(login_auth)
    def get(self, request):
        body = '<br><br><br><h2 style="text-align:center">from CBV get view</h2>'
        return HttpResponse(body)

    # NOTE(review): ``post`` carries no decorator, so it runs without login_auth.
    def post(self, request):
        body = '<br><br><br><h2 style="text-align:center">from CBV post view</h2>'
        return HttpResponse(body)
方式三
# 重写dispatch方法并添加作用于类中所有的方法
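class MyLoginView(views.View):
    """Class-based view where ``login_auth`` wraps ``dispatch``.

    Every HTTP method handler is routed through ``dispatch``, so decorating it
    applies the login check to ``get`` and ``post`` alike.
    """

    def get(self, request):
        # A stray double quote after the string literal made this line a syntax error.
        return HttpResponse('<br><br><br><h2 style="text-align:center">from CBV get view</h2>')

    def post(self, request):
        return HttpResponse('<br><br><br><h2 style="text-align:center">from CBV post view</h2>')

    @method_decorator(login_auth)
    def dispatch(self, request, *args, **kwargs):
        # Return the handler's response. The previous body discarded it and
        # answered every request with an empty HttpResponse(None).
        return super().dispatch(request, *args, **kwargs)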